beacon

An ultrasonic beacon is an inaudible sound with encoded data that a listening device can use to receive information on just about anything. Beacons can be used, for example, inside a shop to highlight a particular promotion, or in a museum for guided tours, where the ultrasonic beacons can encode the location. Or they can be used to track consumers. Imagine if Google finds out… oh, wait… they already did, some years ago. As with almost any technology, it can be used to ‘do no harm’ or to serve other purposes.

Researchers from the Technische Universität Braunschweig in Germany presented a paper about Ultrasonic Side Channels on Mobile Devices and how they can be abused in a variety of scenarios, ranging from simple consumer tracking to deanonymization. These types of ultrasonic beacons work in the 18 kHz – 20 kHz range, which humans cannot hear, unless you are under twenty years old, due to presbycusis. Yes, presbycusis. This frequency range can be played via almost any speaker and can be picked up easily by most mobile device microphones, so no special hardware is needed. Speakers and mics are almost ubiquitous nowadays, so there is a real appeal to the technology.
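A defensive check for the carrier described above, added here as an example (it is not code from the paper or from the original post): it uses the Goertzel algorithm to measure how much of each 10 ms audio frame's energy sits in the 18 kHz – 20 kHz band and flags frames where that share is high. The 44.1 kHz sample rate, the 5% threshold, the helper names and the test tones are all assumptions constructed for the example.

```python
import math

RATE = 44100              # assumed capture rate; Nyquist (22.05 kHz) covers the band
FRAME = 441               # 10 ms frames, so DFT bins are 100 Hz wide
BAND_HZ = (18000, 20000)  # beacon range given in the text
THRESHOLD = 0.05          # assumed: flag a frame if >5% of its energy is in the band

def bin_power(frame, k):
    """|X[k]|^2 of one DFT bin, computed with the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(frame))
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def band_fraction(frame, rate=RATE):
    """Share of the frame's energy that lies between 18 and 20 kHz."""
    energy = sum(x * x for x in frame)
    if energy == 0.0:
        return 0.0                      # silent frame: nothing to measure
    n = len(frame)
    k_lo = math.ceil(BAND_HZ[0] * n / rate)
    k_hi = math.floor(BAND_HZ[1] * n / rate)
    band = sum(bin_power(frame, k) for k in range(k_lo, k_hi + 1))
    # Parseval: sum_k |X[k]|^2 = n * energy; the factor 2 counts the mirrored bins.
    return 2.0 * band / (n * energy)

def flagged_frames(samples, rate=RATE, frame_len=FRAME, threshold=THRESHOLD):
    """Indices of frames whose 18-20 kHz energy share exceeds the threshold."""
    hits = []
    for i in range(len(samples) // frame_len):
        frame = samples[i * frame_len:(i + 1) * frame_len]
        if band_fraction(frame, rate) > threshold:
            hits.append(i)
    return hits

def tone(freq, amp, n, start=0, rate=RATE):
    """Constructed test signal: a sine that is silent before sample `start`."""
    return [amp * math.sin(2 * math.pi * freq * i / rate) if i >= start else 0.0
            for i in range(n)]

# Constructed input: 100 ms of audible tones; an 18.5 kHz carrier joins at 50 ms.
N = 4410
audible = [a + b for a, b in zip(tone(440, 0.5, N), tone(1200, 0.5, N))]
with_beacon = [a + b for a, b in zip(audible, tone(18500, 0.3, N, start=2205))]

if __name__ == "__main__":
    print("audible only:", flagged_frames(audible))
    print("with carrier:", flagged_frames(with_beacon))
```

A fixed energy-share threshold is the simplest possible rule; on real recordings it would need tuning against the microphone's own high-frequency noise floor.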

While faking BLE advertising beacons using an nRF24L01+ module is nothing new, it’s become a heck of a lot easier now that [Pranav Gulati] has written some library code and a few examples for it.

[Pranav]’s work is based on [Dmitry Grinberg]’s epic bit-banging BLE research that we featured way back in 2013. And while the advertisement channel in BLE is limited in the amount of data it can send, a $1 nRF24 module and a power-thrifty microcontroller would be great for a battery-powered device that needs to send small amounts of data infrequently for a really long time.

We’re not 100% sure where [Pranav] is going to take this project. Honestly, the library looks like it’s ready to use right now. If you’ve been holding off on making your own BLE-enabled flock of birds, or even if you just want to mess around with the protocol, your life has gotten a lot easier.

It is reasonably easy to make a microcontroller spit out some Morse code. What makes [pavlin’s] take on this project interesting is that it resides on a tiny USB board with an ARM processor. The design for the board is available with single-sided artwork suitable for production using simple methods like toner transfer.

The STM device has a built-in USB bootloader. It can also act as a serial port, which makes the project very simple. The only external parts are a speaker and an optoisolator. The program provides a command line interface over the serial port that you can use to program the message and set other options like speed and the delay between messages. The code is available on GitHub.

At the center of this breadboarded circuit lies the green AD9850 module. To its left is a level converter he built to get the 3.3V levels from the RPi board to work with the rest of the 5V hardware. The signal then feeds into a QRP amplifier and a low pass filter.

He didn’t start from square one when it came time to write the code for the RPi. Instead he grabbed an Arduino sketch for the very same DDS and ported it over to Python. The first test signal was his call sign sent in Morse code at QRSS speeds. But he also managed to get Hellschreiber messages working, making it a multiple-mode device.

The hardware is segregated into two parts of the board. The lower portion is a take on the Arduino, and the upper portion is a wireless transmitter meant to control some cheap RC cars. [Jason] figured this was perfect for conversion as a CW beacon (continuous wave is what Morse Code is called if you’re a ham). The first issue he encountered was getting the badge to play nicely with the Arduino IDE. It was set up to run Slowduino firmware, which uses the internal oscillator. [Jason] soldered on his own crystal and reflashed the firmware. He found that the transmitter couldn’t be directly keyed because of the shifting used in the RC car protocol. He cut the power to the transmitter, and found that it could be more accurately keyed by injecting power to one of the other pins. Check out the video after the break for a better explanation of his technique.